Join token lifetime

I have a few questions relating to join tokens (generated by microk8s add-node):

  1. If you pass -1 as the token-ttl will the token ever timeout if it’s not used to join a node?
  2. If you call add-node multiple times will all of the tokens be usable or only the last one? i.e. if I need to join 5 nodes can I call add-node 5 times and then have the nodes join in parallel, or do I need to add-node and join serially for each node?
  3. Is there a way to delete/purge tokens?

Thank you!

  1. If you pass -1 as the token-ttl will the token ever timeout if it’s not used to join a node?

No it doesn’t expire.

  1. If you call add-node multiple times will all of the tokens be usable or only the last one? i.e. if I need to join 5 nodes can I call add-node 5 times and then have the nodes join in parallel, or do I need to add-node and join serially for each node?

Yes you can use 5 tokens in this case. If the token is a one time use token, i.e. no ttl defined, the token is valid until it is used by the join

  1. Is there a way to delete/purge tokens?

For non expiring tokens, you will have to go to this location in the server to purge the tokens.
/var/snap/microk8s/current/credentials/cluster-tokens.txt and delete the token defined in this file.

For the purpose of creating a cluster under automation it would be preferable to create a single token that can be used indefinitely to add as many nodes as needed in the future. Is there a way to create such a token?

For automation you can provide your own 32 char token via the --token and also provide how long this token will live via the --token-ttl argument, both during the microk8s add-node call. See MicroK8s - Command reference

That’s perfect! Thanks for the info.